{% extends "base.html" %}

{% set active_page = "Database" %}

{% block body %}


<div class="row justify-content-center">

    <div class="col-xl-6 col-lg-8 col-md-10 mt-4">
        <h3 class="mb-3">Binary Pattern Search</h3>
        <form class="form-horizontal" action="" method=post enctype=multipart/form-data>

            <script>
                function switchTab(evt, tabname) {
                    let i, tabcontent, tablinks;
                    tabcontent = document.getElementsByClassName("tab-content");
                    for (i = 0; i < tabcontent.length; i++) {
                        tabcontent[i].style.display = "none";
                    }
                    tablinks = document.getElementsByClassName("nav-link");
                    for (i = 0; i < tablinks.length; i++) {
                        tablinks[i].className = tablinks[i].className.replace(" active", "");
                    }
                    document.getElementById(tabname).style.display = "inline";
                    evt.currentTarget.className += " active";
                };

                function clickCheckbox(box) {
                    let fw_input =  document.getElementById("firmware_uid_input");
                    if (box.checked) {
                        fw_input.style.display = "inline";
                    } else {
                        fw_input.style.display = "none";
                        fw_input.value = "";
                    }
                };
            </script>


            <ul class="nav nav-tabs mb-4">
                <li class="nav-item">
                    <a class="nav-link active" href="#" onclick="switchTab(event, 'fromFile')">
                        From File
                    </a>
                </li>
                <li class="nav-item">
                    <a class="nav-link" href="#" onclick="switchTab(event, 'fromText')">
                        From Text
                    </a>
                </li>
            </ul>

            <div class="col-lg-8 px-0">
                <div class="form-group tab-content" id="fromFile">
                    <label for="selectFile">Yara rule file:</label><br />
                    <input id="selectFile" type="file" name="file">
                </div>
            </div>

            <div class="col-lg-8 px-0">
                <div class="form-group tab-content" id="fromText" style="display: none;">
                        <label class="control-label" for="textarea">Yara rule:</label><br />
                    <div>
                        <textarea name="textarea" rows="5" style="resize: vertical; position: relative; z-index: 1;"
                        class="form-control" id="textarea"></textarea>
                    </div>
                </div>
            </div>
            <div class="col-lg-8 px-0 my-2">
                <label><input type='checkbox' name="firmware_checkbox" id="firmware_checkbox" onclick='clickCheckbox(this);'> scan single firmware</label>
                <input name="firmware_uid" type="text" class="form-control" id="firmware_uid_input" placeholder="Firmware UID" style="display: none;">
                <br />
                <label><input type="checkbox" name="only_firmware" value="True"> show parent firmware instead of matching file</label>
            </div>

            {% if error %}
                <h5 style="color: red;">{{ error }}</h5>
            {% endif %}

            <div class="col-lg-8 px-0">
                <button type="submit" value=submit class="btn btn-primary" id="input_submit">
                    <i class="fas fa-search"></i> Search
                </button>
            </div>
        </form>
    </div>
</div>

<div class="row justify-content-center mt-4">
    <div class="col-xl-6 col-lg-8 col-md-10">
        <h4>Example queries:</h4>

        HEX-Pattern:
        <pre class="border rounded p-2 mb-0 bg-light"><code>rule a_hex_string_rule
{
    strings:
        $a = { 0A1B }
    condition:
        $a
}</code></pre>
        <div style="color:grey; font-size: 0.9em; margin-bottom: 5px;">Matches firmware files including 0x0A1B.</div>

        ASCII:
        <pre class="border rounded p-2 mb-0 bg-light"><code>rule a_ascii_string_rule
{
    strings:
        $a = "backdoor" ascii wide nocase
        $b = "roodkcab" ascii wide nocase
    condition:
        $a or $b
}</code></pre>
        <div style="color:grey; font-size: 0.9em; margin-bottom: 5px;">Matches firmware files including the string "backdoor" or "roodkcab" in 8bit (ascii) or 16bit (wide) representation and not case sensitive.</div>
        
        RegEx:
        <pre class="border rounded p-2 mb-0 bg-light"><code>rule a_regex_rule
{
    strings:
        $a = /vxworks 5\.\d+(\.\d+)?/ nocase
    condition:
        $a 
}</code></pre>
        <div style="color:grey; font-size: 0.9em; margin-bottom: 5px;">Matches firmware files including "vxworks 5.X.Y" with "X" and "Y" are arbitrary numbers, ".Y" is optional and the whole string is not case sensitive.</div>

        <p>Do you need more advanced rules? Have a look at the <a href="https://yara.readthedocs.io/en/latest/writingrules.html">official yara documentation</a>!</p>    
    </div>

    <script>
        function set_uid(){
            var url = window.location.href;
            if( url.search( 'firmware_uid' ) > 0 ) {
                var url_object = new URL(url);
                var uid = url_object.searchParams.get("firmware_uid");
                var cb = document.getElementById("firmware_checkbox");
                var input = document.getElementById("firmware_uid_input");
                cb.checked = true;
                input.value = uid;
                input.style.display = "inline";
            }
        };
        set_uid();
    </script>

</div>

{% endblock %}
